1. Integrating the Cloud with PuppetTuesday, February 26, 13

2. About me: Dan Bode Some Dude at PuppetLabs @bodepd bodepd freenodeTuesday, February 26, 13

3. Who is this talk for? Cloud Users Puppet beginnersTuesday, February 26, 13

4. It will cover why integrate? explanation of Puppets architecture as it applies to integration using Puppet to model VM instancesTuesday, February 26, 13

5. Why Integrate?Tuesday, February 26, 13

6. Cloud Provisions virtual machines deployVirtualMachine Self Service API VM1Tuesday, February 26, 13

7. Puppet VMs -> Applications deployApacheServer Self Service API VM1 Make me an apache server Here are your instructions Puppet MasterTuesday, February 26, 13

8. Together PaaS deployAppStack Self Service API DB1 Apache1 Apache2 LBTuesday, February 26, 13

9. PuppetTuesday, February 26, 13

10. 2 run modes puppet apply client/serverTuesday, February 26, 13

11. Puppet Client/Server Classifier Modules Master Facts Catalog VM1Tuesday, February 26, 13

12. Facter Classifier Modules Master Facts Catalog VM1Tuesday, February 26, 13

13. Facter $ facter architecture => x86_64 domain => local fqdn => DansLapTop.local id => danbode ec2_instance_id => abc123abc123abc123 operatingsystem => Ubunbtu osfamily => Debian .....Tuesday, February 26, 13

14. Facter Available as top scope variables from manifests ie : $::fact_name Creating custom facts is easy.Tuesday, February 26, 13

15. Modules Modules Classifier Master Facts Catalog VM1Tuesday, February 26, 13

16. Modules Sharable Puppet contentTuesday, February 26, 13

17. Module Forge http://forge.puppetlabs.com/puppetlabs/apache I get all of my content from the forge!Tuesday, February 26, 13

18. Classes/defines compose resourcesTuesday, February 26, 13

19. Resources Describe the conguration state of individual system elements.Tuesday, February 26, 13

20. user { dan: # a user named dan ...Tuesday, February 26, 13

21. user { dan: # a user named dan ensure => present, # should exist ...Tuesday, February 26, 13

22. user { dan: # a user named dan ensure => present, # should exist shell => /bin/bash, # with this shell }Tuesday, February 26, 13

23. Puppet DSL and resourcesTuesday, February 26, 13

24. Puppet DSL Composes collections of resources.Tuesday, February 26, 13

25. Package/File/Service class webserver { package { apache2: ... } file { /etc/apache2/apache2.conf: ... require => Package[apache2], } service { apache2: ... subscribe => File[/etc/apache2/apache2.conf] } }Tuesday, February 26, 13

26. configure a node include webserverTuesday, February 26, 13

27. Classification (maps roles as classes) Classifier Modules Master Facts Catalog VM1Tuesday, February 26, 13

28. Site manifest (/etc/puppet/manifests/site.pp) Map a hosts certname to content from a module node /^my_node/ { include apache }Tuesday, February 26, 13

29. ENC ENC Master The master can call out to arbitrary executables to gure out how a node should be classied.Tuesday, February 26, 13

30. Puppet Client/Server Classifier Modules Master Facts Catalog VM1Tuesday, February 26, 13

31. Catalog Resources Package Package File File Dependencies User User Service ServiceTuesday, February 26, 13

32. Integration is all about ClassificationTuesday, February 26, 13

33. Using metadata/userdata deployApacheServer (with metadata=puppet_class=apache) Self Service API VM1 Puppet MasterTuesday, February 26, 13

34. Using metadata/userdata deployApacheServer (with metadata=puppet_class=apache) Self Service API I was provisioned with metadata VM1 puppet_class=apache Puppet MasterTuesday, February 26, 13

35. Using metadata/userdata deployApacheServer (with metadata=puppet_class=apache) Self Service API I was provisioned with metadata VM1 puppet_class=apache Oh cool! You must be an Puppet apache server MasterTuesday, February 26, 13

36. Determine role based on facts deployVirtualMachine (with metadata)Tuesday, February 26, 13

37. Determine role based on facts deployVirtualMachine (with metadata) populate facter metadata serviceTuesday, February 26, 13

38. Determine role based on facts deployVirtualMachine (with metadata) populate facter metadata service use fact for classication node default { include $::meta_data_role }Tuesday, February 26, 13

39. Pros - simple - classication information set during provisioning processTuesday, February 26, 13

40. Cons - hosts become authoritative over their role - a single rooted host can pretend to be anyone else - metadata/userdata is not always read/writeTuesday, February 26, 13

41. Using instance annotation data deployApacheServer (with group=apache) Self Service API here is my id VM1 Let me consult the cloud system Puppet Master You were provisioned as an apache serverTuesday, February 26, 13

42. Using instance annotation data deployApacheServer (with group=apache) Self Service API VM1Tuesday, February 26, 13

43. Using instance annotation data deployApacheServer (with group=apache) Self Service API here is my id VM1 Puppet MasterTuesday, February 26, 13

44. Using instance annotation data deployApacheServer (with group=apache) Self Service API here is my id VM1 Let me lookup your role based on your id Puppet MasterTuesday, February 26, 13

45. Using instance annotation data deployApacheServer (with group=apache) Self Service API here is my id VM1 Let me lookup your role based on your id Puppet Master You were provisioned as an apache serverTuesday, February 26, 13

46. Pros - provisioning credentials are used to determine role - annotation eld likely updatableTuesday, February 26, 13

47. Cons - puppetmaster must have API credentials - may require a custom ENCTuesday, February 26, 13

48. Decouple role assignment from provisioning After provisioning is completed, ssh into a machine, set a custom fact (using facts.d), and trigger a puppet run. pros - you can easily execute a script to install and bootstrap puppet cons - extra stepTuesday, February 26, 13

49. facts.d facts.d comes with stdlib (http://forge.puppetlabs.com/puppetlabs/stdlib) it converts any key=value pairs listed in /etc/ facts.d/*.txt into factsTuesday, February 26, 13

50. VM provisioning with Puppet (experimental! use cases appreciated)Tuesday, February 26, 13

51. Share Application Stacks as text class my_app_stack { cloudstack_instance { foo4: ensure => present, group => role=db, } cloudstack_instance { foo3: ensure => present, group => role=apache, } }Tuesday, February 26, 13

52. Use resource defaults for common settings Cloudstack_instance { image => CentOS 5.6 key+pass, flavor => Small Instance, zone => ACS-FMT-001, network => puppetlabs-network, keypair => dans_keypair4, } cloudstack_instance { foo4: ensure => $::ensure, group => role=db, } cloudstack_instance { foo3: ensure => $::ensure, group => role=apache, }Tuesday, February 26, 13

53. More issues of trustTuesday, February 26, 13